b'           Pen\n             nsion Benefit\n                   B       Guaran\n                           G    nty Corrporatio\n                                              on\n                   Office\n                        e of Ins\n                               specto\n                                    or Gen\n                                         neral\n                            Evalua\n                                 ation Re\n                                        eport\n\n\n\n\n          Fisca\n              al Year 2013\n                      2    Vulnerabilitty Assessment and\n                    Pennetration Testin\n                                      ng Repoort\n\n\n                RESTR\n                R   RICTE\n                        ED DIS\n                             SCLOS\n                                 SURE\n\nThis document contains\n                c         prrivileged and\n                                      a confide  ential inforrmation, an\n                                                                       nd was\nproducced at the direction of\n                           o the Pens  sion Beneffit Guarantty Corpora ation, Offic\n                                                                                  ce of\nInspec\n     ctor General. It may not\n                           n be disc  closed, repproduced, or disseminated with    hout\n                 the\n                 t expres  ss permiss sion of the Inspector General.\n\n\n\n\n                                Janu\n                                   uary 9, 2014\n                                                         EV\n                                                          VAL-2014-6//FA-13-93-55\n\x0c                        Pension Benefit Guaranty Corporation\n                                                        Office of Inspector General\n                                        1200 K Street, N.W., Washington, D.C. 20005-4026\n\n\n                                                                               January 9, 2014\n\n\nTo:            Joshua Gotbaum\n               Director\n\nFrom:          Rashmi Bartlett\n               Assistant Inspector General for Audit\n\nSubject:       Fiscal Year (FY) 2013 Vulnerability Assessment and Penetration Testing\n               (EVAL-2014-6/FA-13-93-5)\n\n\nI am pleased to transmit the attached Restricted Disclosure report detailing results of the\nvulnerability assessment and penetration testing evaluation performed in conjunction with the\naudit of the Pension Benefit Guaranty Corporation (PBGC) FY 2013 financial statements.\n\nDuring the financial statement audit, our independent public accountant, CliftonLarsonAllen\nLLP, assessed the PBGC information security infrastructure for technical weaknesses in\nPBGC\xe2\x80\x99s computer systems that may allow employees or outsiders to cause harm to, and/or\nimpact, PBGC\xe2\x80\x99s business processes and information. In its assessment, CliftonLarsonAllen\nfound the PBGC\xe2\x80\x99s information security vulnerabilities have increased. OIG was optimistic\nafter seeing a significant decline in the number of vulnerabilities form FY 2011 to FY 2012.\nOur FY 2013 findings raise concerns about the effectiveness of PBGC\xe2\x80\x99s scanning efforts and\ntimeliness in mitigating significant security weaknesses.\n\nDue to the sensitive nature of this report, its disclosure has been restricted. The final\ntransmittal memorandum will be posted to the OIG external website, but the attachment\nsummarizing our evaluation will be redacted in its entirety because it contains privileged and\nconfidential information that, if disclosed, would cause further vulnerability.\n\nWe appreciate the cooperation that CliftonLarsonAllen and the OIG received while\nperforming the testing.\n\nAttachment\n\n\ncc: Judith Starr\n    Patricia Kelly\n    Alice Maroni\n    Ann Orr\n    Jioni Palmer\n    Barry West\n    Sandford Rich\n    Marty Boehm\n\x0cIf you want to report or discuss confidentially any instance of misconduct,\n   fraud, waste, abuse, or mismanagement, please contact the Office of\n                             Inspector General.\n\n\n\n                              Telephone:\n                   The Inspector General\xe2\x80\x99s HOTLINE\n                           1-800-303-9737\n\n          The deaf or hard of hearing, dial FRS (800) 877-8339\n           and give the Hotline number to the relay operator.\n\n\n\n                                   Web:\n               http://oig.pbgc.gov/investigation/details.html\n\n\n\n                                Or Write:\n                 Pension Benefit Guaranty Corporation\n                      Office of Inspector General\n                            PO Box 34177\n                    Washington, DC 20043-4177\n\x0c'